On February 11, 2025, Adobe released a new security patch, APSB25-08, which addresses critical, important, and moderate vulnerabilities in Magento Open Source and Adobe Commerce, It mitigates risks related to arbitrary code execution, security feature bypass, and privilege escalation.
Key Vulnerabilities Addressed By
This patch addresses varied security vulnerabilities, including:
- Improper Limitation of a Pathname to a Restricted Directory
- Incorrect Authorization
- Information Exposure
- Improper Authorization
- Cross-Site Scripting (XSS)
- Improper Access Control
- Violation of Secure Design Principles
- Business Logic Errors
- Time-of-Check Time-of-Use (TOCTOU) Race Condition
These vulnerabilities cause significant security risks, making it crucial for businesses to apply the update immediately to prevent potential security breaches.
Affected Versions
The Adobe Commerce Security Update APSB25-08 impacts the following versions of Adobe Commerce and Magento Open Source:
- Adobe Commerce: 2.4.8-beta1, 2.4.7-ps and earlier, 2.4.6-p8 and earlier, 2.4.5-p10 and earlier, 2.4.4-p11 and earlier
- Adobe Commerce B2B: 1.5.0 and earlier, 1.4.2-p3 and earlier, 1.3.5-p8 and earlier, 1.3.4-p10 and earlier, 1.3.3-p11 and earlier
- Magento Open Source: 2.4.8-beta1, 2.4.7-p3 and earlier, 2.4.6-p8 and earlier, 2.4.5-p10 and earlier, 2.4.4-p11 and earlier
A specific vulnerability, CVE-2025-24434, is isolated to Adobe Commerce and Magento Open Source. Adobe has released a standalone patch to help merchants apply the fix in isolation with fewer risks of delay due to potential integration issues.
Recommended Action
Adobe strongly recommends that users apply the patches immediately to mitigate critical security risks. Additionally, users of Adobe Commerce and Magento Open Source should ensure they install the isolated patch for CVE-2025-24434 to minimize exposure to vulnerabilities.
How to Install the Update
Step 1: Download the relevant patch files
Step 2: Install the security patch on a staging platform first
Step 3: Verify the successful installation by checking the patch status using the provided tools
Step 4: Deploy the update on the live platform after confirming stability on staging
To maintain a secure system, business should update their software, implement strong access controls, and monitor for suspicious activities to mitigate future security threats.
As an Adobe Commerce certified partner, ioVista can help you implement the latest security patch without hindering your ongoing eCommerce operations. Connect with our certified experts to install this update.